Chapter 3 Getting and Installing the OpenSSO Add-On

This chapter explains how to download and install the OpenSSO Add-On for Web Space Server.

• Before You Begin

• Getting the OpenSSO Add-On

• Installing the OpenSSO Add-On

Before You Begin

This section explains some basic requirements and concepts you should review before proceeding with OpenSSO Add-On for Web Space Server 10.0 software installation.

• System Requirements

• Installation Directories

• Platform-Specific Path Separators

System Requirements

The OpenSSO Add-On for Web Space Server 10.0 requires the following:

• Sun GlassFish Web Space Server 10.0 software

  The Web Space Server software should be installed as described in the Sun GlassFish Web Space Server 10.0 Getting Started Guide. Note that the requirements listed in Software and Hardware Requirements in Sun GlassFish Web Space Server 10.0 Getting Started Guide also apply to the OpenSSO Add-On.

  While any of the Web Space Server 10.0 packages will work with the OpenSSO Add-On, the recommended Web Space Server package for production environments is webspace-10-fcs-for-gfv2.zip, which is the standalone Web Space Server package that includes neither GlassFish nor the Web Space Server sample site and user sets. See the Sun GlassFish Web Space Server page or Getting Sun GlassFish Web Space Server Software in Sun GlassFish Web Space Server 10.0 Getting Started Guide for information about the different Web Space Server 10.0 downloads.

• Sun GlassFish Enterprise Server 2.1 software

  Other versions of Sun GlassFish Enterprise Server software will work with Web Space Server, such as GlassFish v3 Prelude, but are recommended for evaluation or testing purposes only, rather than a production environment.

• Authentication Server

  A working OpenSSO or Access Manager authentication server with which you want Web Space Server to interact must be installed and configured prior to installing the OpenSSO Add-On for Web Space Server software.

  The recommended OpenSSO server version is Enterprise 8.0, which is available for download from the OpenSSO Project page. Note that this guide does not explain how to install or configure your authentication server.

Installation Directories

The directories in which Web Space Server and Sun GlassFish Enterprise Software may vary, so throughout these installation instructions, the root Web Space Server server installation directory is referred to as webspace_dir, and the Sun GlassFish Enterprise Server root directory is referred to as glassfish_dir.

Platform-Specific Path Separators

The instructions and examples in this document use UNIX-style forward slash (/) path separators in file and command names. If Web Space Server and Sun GlassFish Enterprise Server are installed on a Windows system, be sure to use backslashes (\) instead of forward slashes; for example:

• UNIX systems or Linux systems — glassfish_dir/bin/asadmin

• Windows systems — glassfish_dir\bin\asadmin

Getting the OpenSSO Add-On

As with all Web Space Server Add-On packages, the OpenSSO Add-On is downloaded using the Sun GlassFish Update Tool.

The version of Update Tool included with some versions of GlassFish is not compatible with the Web Space Server Add-On package repositories. You must use the version of Update Tool that comes with Web Space Server 10.0 software.

Update Tool also includes a command-line (CLI) Image Packaging System (IPS) utility, called pkg, which provides the same core functionality as its GUI-based counterpart. This IPS tool is started with the webspace_dir/bin/pkg command. See the Update Center wiki for complete information about Update Tool and the pkg command.

• To Get the OpenSSO Add-On Using the GUI-Based Update Tool

• To Get the OpenSSO Add-On Using the CLI-Based pkg Tool

To Get the OpenSSO Add-On Using the GUI-Based Update Tool

Before You Begin

Make sure that Sun GlassFish Enterprise Server v2 or later and Sun GlassFish Web Space Server 10.0 are both installed and running on your system, as described in System Requirements.

In these instructions, the root Web Space Server server installation directory is referred to as webspace_dir, and the Sun GlassFish Enterprise Server root directory is referred to as glassfish_dir.

1. In a command shell for your operating system, change to the webspace_dir/bin directory and run the updatetool command.

   If this is the first time you have launched updatetool, the full Update Tool product will not yet be installed, and you are prompted to allow installation to proceed.

   1. Type y when prompted to install Update Tool.

      The installer downloads and installs the full Update Tool product and then exits.

   2. Enter the updatetool command again to launch Update Tool.

   The Update Tool main window is displayed, with Available Updates highlighted.

   

2. (Optional) You can choose at this time to install any available updates.

   Note that if you choose to install updates at this time, you will in most cases need to restart GlassFish and Web Space Server before proceeding with the remainder of OpenSSO Add-On installation.

3. Click the Web Space node in the Application Images pane on the left in Update Tool.

   Details about the currently selected software repositories are displayed. To get the Web Space Server Add-On, a restricted-access repository must be added to this list.

   

4. Click Edit Properties on the right side of the Image Details pane.

   The Image Properties window is displayed.

   

   Note that the repository named support.sun.com is not enabled.

5. Select the checkbox next to the support.sun.com repository, and then click Edit.

   The Repository Properties window is displayed.

   

6. Ask your SunSolve service representative for the correct URL to use, enter the URL here, and then click OK.

7. Verify that the support.sun.com repository is now Enabled and selected as Preferred, and then click OK.

   

8. Back in the Update Tool main window, choose the Available Add-Ons node in the Application Images pane to display the list of available Add-On packages.

9. Select the packages you want, and then click Install.

10. Proceed to Installing the OpenSSO Add-On for the remaining installation instructions.

To Get the OpenSSO Add-On Using the CLI-Based pkg Tool

Before You Begin

Make sure that Sun GlassFish Enterprise Server v2 or later and Sun GlassFish Web Space Server 10.0 are both installed and running on your system, as described in System Requirements.

In these instructions, the root Web Space Server server installation directory is referred to as webspace_dir, and the Sun GlassFish Enterprise Server root directory is referred to as glassfish_dir.

1. In a command shell for your operating system, change to the webspace_dir/bin directory and run the updatetool command.

   If this is the first time you have launched updatetool, the full Update Tool product will not yet be installed, and you are prompted to allow installation to proceed.

2. Type y when prompted to install Update Tool.

   The installer downloads and installs the full Update Tool product and then exits.

3. Change to the webspace_dir/pkg/bin directory.

4. Enter the following command to download the OpenSSO Add-On:

   pkg set-authority -P --enable -O http://pkg.sun.com/webspace/10/<repository_name>

   Ask your SunSolve service representative for the correct <repository_name>to use, enter the URL here, and then click OK.

5. Enter the following command to perform the base OpenSSO Add-On installation:

   pkg install webspace-opensso-addon

6. Proceed to Installing the OpenSSO Add-On for the remaining installation instructions.

Installing the OpenSSO Add-On

After using Update Tool to get the OpenSSO Add-On package, as described in Getting the OpenSSO Add-On, installing the package involves performing some minor configuration steps and then running an Ant script.

• To Install the OpenSSO Add-On

• To Uninstall the OpenSSO Add-On

To Install the OpenSSO Add-On

Before You Begin

• Make sure your OpenSSO server and your Web Space Server site are both running and accessible.

• Make note of the OpenSSO server host name, port number, and protocol used to access the OpenSSO administration application, as these will be needed later in this procedure.

1. Change to the webspace_dir/webspace/opensso/templates directory.

2. Make copies of the AMConfig.properties.template and portal-ext.properties.template files, dropping the .template extension from the names of the copies.

   For example:

   cp AMConfig.properties.template AMConfig.properties cp portal-ext.properties.template portal-ext.properties

3. Modify the AMConfig.properties file, as follows:

   1. Comment or uncomment, as appropriate, the lines for OpenSSO or Access Manager, depending on the type of authentication server you are using.

      The lines for OpenSSO configuration are uncommented by default. If you are instead using Access Manager, comment out the OpenSSO lines and uncomment the Access Manager lines.

   2. Replace localhost with the appropriate OpenSSO host name, port number, and protocol in the two lines containing the com.iplanet.am.*.url= properties.

      For example, if your OpenSSO server is ssofoo.bar.com running on HTTP port 7080, you would change:

      com.iplanet.am.naming.url=http://localhost:8080/opensso/namingservice

      to:

      com.iplanet.am.naming.url=http://ssofoo.bar.com:7080/opensso/namingservice

   3. Change com.iplanet.am.cookie.name from iPlanetDirectoryPro to the name of the cookie used by the OpenSSO server.

4. Modify the portal-ext.properties file, as follows:

   1. Comment or uncomment, as appropriate, the lines for OpenSSO or Access Manager, depending on the type of authentication server you are using.

      The lines for OpenSSO configuration are uncommented by default. If you are instead using Access Manager, comment out the OpenSSO lines and uncomment the Access Manager lines.

   2. Verify that the access.manager.auth.enabled property is set to true, and that the line is ucommented.

   3. Replace the first localhost in each access.manager.* property with the appropriate OpenSSO host name, port number, and protocol.

   4. Replace the second localhost, in each access.manager.* property (after the goto parameter), with the Web Space Server host name, port number, and protocol.

      For example, if your OpenSSO server is ssofoo.bar.com running on HTTP port 7080, and your Web Space Server is running on webspace.bar.com on port 8080, you would change:

      access.manager.login.url=http://localhost:8080/opensso/UI/Login? \ goto=http://localhost:8080/c/portal/login

      to:

      access.manager.login.url=http://ssofoo.bar.com:7080/opensso/UI/Login? \ goto=http://webspace.bar.com:8080/c/portal/login

      (Note that these statements should each be on a single line; they are wrapped to fit the page width here.)

5. Change to the webspace_dir/webspace/opensso directory and run the install-gfv2.xml Ant script

   ant -f install-gfv2.xml

6. Follow the prompts to complete the OpenSSO Add-On installation.

   The OpenSSO installation stops the Web Space Server domain and installs the following JAR and WAR files in the glassfish_dir/glassfish2/domains/domain_name directory for the domain_name you chose during installation:

   ./applications/j2ee-modules/FAMWebSynergyMapping/WEB-INF/lib/openssoclientsdk-v1.b5.jar ./applications/j2ee-modules/opensso-web/WEB-INF/lib/opensso-web-service.jar ./applications/j2ee-modules/opensso-web/WEB-INF/lib/openssoclientsdk-v1.b5.jar ./applications/j2ee-modules/websynergy/WEB-INF/lib/opensso-login-filters.jar ./applications/j2ee-modules/websynergy/WEB-INF/lib/openssoclientsdk-8.0.b6.jar ./autodeploy/FAMWebSynergyMapping.war ./autodeploy/opensso-web.war ./autodeploy/opensso-web.war_deployed ./lib/opensso-web-service.jar ./websynergy/deploy/opensso-web.war

7. Restart the Web Space Server domain when the OpenSSO Add-On installation is complete.

   cd glassfish_dir/glassfish2/bin ./asadmin start-domain domain_name

To Uninstall the OpenSSO Add-On

1. Stop the Web Space Server domain.

2. Change to the webspace_dir/var/webspace/war-workspace/customs/webspace/WEB-INF/classes directory and modify the portal-ext.properties file.

   1. Remove the OpenSSO Add-On entry from application.startup.events:

      com.sun.portal.opensso.startup.OpenssoAddonStartupAction

   2. Remove all properties related to OpenSSO.

      The complete list of properties is available in the portal-ext.properties.template file located in webspace_dir/webspace/opensso/templates.

3. Change to the webspace_dir/var/webspace/war-workspace/customs/webspace/WEB-INF directory and remove all the <filter> and <filter-mapping> entries named AM Filter.

4. Change to the webspace_dir/var/webspace/war-workspace/customs/webspace/WEB-INF/lib directory and remove the following two files:

   • openssoclientsdk-8.0.b6.jar

   • opensso-login-filters.jar

5. Change to the webspace_dir/var/webspace/war-workspace directory and run the synchronize.xml Ant script.

   ant -f synchronize.xml

   This rebuilds the Web Space Server webspace.war file.

6. Restart the Web Space Server domain and launch the Sun GlassFish Enterprise Server admin console.

   For example:

   http://fooserver:4848

7. Navigate to the Web Applications node and undeploy the communitymapperportlet.war and opensso-web.war applications.

8. Stop the Web Space Server domain.

9. Change to the glassfish_dir/domains/<webspaceserver_domain>/lib directory and remove the opensso-web-service.jar file.

10. Restart the Web Space Server domain.